---
title: 'API auth'
sidebarTitle: 'API auth'
description: 'Let your users connect external APIs to your app'
---

API Auth connects your app to [500+ APIs](/integrations/all).

<Frame caption="Connection flow with Nango's pre-built Connect UI">
  ![](/images/screenshots/connect-ui.gif)
</Frame>

## When should you use API auth?

- You want users to connect their external accounts to your app
- You want to avoid building OAuth flows, API key guides, and token refresh logic yourself
- You want a white-label connection experience for your users

All Nango customers use API auth. Everything else, [Syncs](/guides/use-cases/syncs), [Actions](/guides/use-cases/actions), and [Webhooks](/guides/use-cases/webhooks), builds on it.


## Key facts

- Supports dozens of auth methods: OAuth 2.0 and 2.1, API keys, basic auth, and custom auth models
- Securely stores all credentials with encryption at rest and in transit (learn more on our [Trust center](https://trust.nango.dev))
- Automatically refreshes access tokens as needed to prevent expiration
- Detects broken access tokens and notifies your backend via webhook
- Fully white-label: Users authorize your app with no Nango branding
- Full control: You always have access to your users' API keys and access tokens
- Provides detailed guides to help users find API keys and other required parameters (subdomain, project ID, etc.)
- Automatically validates API keys and other credentials during connection
- Anyone can [contribute new APIs](/implementation-guides/platform/contribute-new-api) to Nango, or our team can add new APIs for you
- All authorization attempts create detailed logs in Nango's [logs](/guides/platform/logs)

## How API auth works

1. Configure the integration in your Nango dashboard
2. Embed the auth flow in your application with our [implementation guide](/implementation-guides/api-auth/implement-api-auth)
3. Fetch credentials from Nango, or use them with [Syncs](/guides/use-cases/syncs), [Actions](/guides/use-cases/actions), [Webhooks](/guides/use-cases/webhooks), and our [Proxy](/guides/use-cases/proxy)

## API Auth in detail

### What is a Connection?

Each time a customer connects an external account, this creates a Connection in Nango.

You can think of a Connection in Nango as a set of credentials for an integration (e.g., a GitHub API access token).

It's up to you how you associate the Connection with objects in your application. You can link them to an account, a user, or any other object, such as a project or workspace. Which option is best depends on your integration's use case and whether you want each user, account, etc., to set up the integration.

Integrations in Nango always run in the context of a Connection.

For example, if you define a [Sync](/guides/use-cases/syncs) for your GitHub integration, this sync will run in the context of each GitHub connection in your account.

### Adding support for new APIs

Nango is designed to make it fast and easy to add support for new APIs.

If you need support for an API we don't have yet, you can either:
- [Contribute support for it yourself](/implementation-guides/platform/contribute-new-api) (we take ~24h to review, merge, and deploy high-quality PRs)
- Request support on the [Slack community](https://nango.dev/slack) or your private Slack connect channel with Nango
  - We prioritize requests by plan. Free users can expect support for new APIs in 5-10 business days, Enterprise customers in \<48h.

### API auth demo

Watch a quick demo of the API auth flow and the detailed logs it creates.

<div style={{ position: 'relative', overflow: 'hidden', paddingTop: '56.25%' }}>
    <iframe
        src="https://www.loom.com/embed/ba30523220f94bf3a8def8bf5f2b92c2"
        frameBorder="0"
        allowFullScreen
        style={{ position: 'absolute', top: 0, left: 0, width: '100%', height: '100%' }}
        title="Loom video"
    ></iframe>
</div>

### OAuth token refresh & validity

If the external API requires OAuth access tokens to be refreshed, Nango will do this automatically for you before the token expires. If the refresh fails, it can [inform your app with a webhook](/guides/platform/webhooks-from-nango), and you can ask the user to reconnect.

Some APIs revoke refresh tokens that are unused. To avoid this, Nango refreshes each access token at least once every 24h.

Revoked access tokens and refresh failures happen to all integrations. Read our [best practice guide on handling revoked access tokens](/implementation-guides/platform/common-issues#token-refresh-error-from-the-external-api) and make sure you [implement the re-authentication flow](/implementation-guides/api-auth/implement-api-auth#6-re-authorize-an-existing-connection) so your users can re-authenticate broken connections.
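
The refresh rules described in this section (refresh before expiry, a keep-alive refresh at least once every 24h, and stop and notify on failure) can be modeled as follows. This is an added example, not Nango's implementation: the function names, connection fields, notification shape, and the 5-minute expiry margin are assumptions.

```javascript
// Added illustration; not Nango's code. All names, the connection fields and
// the 5-minute margin are assumptions. Times are epoch milliseconds.
const KEEPALIVE_MS = 24 * 60 * 60 * 1000; // page: refresh at least once every 24h
const EXPIRY_MARGIN_MS = 5 * 60 * 1000;   // assumed safety margin before expiry

// Decide whether a connection's token is due for refresh, and why.
function refreshReason(conn, now) {
  if (conn.status === 'broken') return null; // needs user re-auth, not a retry
  if (conn.expiresAt !== null && conn.expiresAt - now <= EXPIRY_MARGIN_MS) return 'expiring';
  // Keep-alive: exercise the refresh token so the provider does not revoke it as unused.
  if (now - conn.lastRefreshedAt >= KEEPALIVE_MS) return 'keepalive';
  return null;
}

// Run one refresh attempt. `refreshFn` stands in for the call to the provider's
// token endpoint; `notify` stands in for the webhook sent to your backend.
async function refreshIfDue(conn, now, refreshFn, notify) {
  const reason = refreshReason(conn, now);
  if (reason === null) return { action: 'skipped' };
  try {
    const tokens = await refreshFn(conn.refreshToken);
    conn.accessToken = tokens.accessToken;
    // Some providers rotate the refresh token; keep the old one otherwise.
    conn.refreshToken = tokens.refreshToken ?? conn.refreshToken;
    conn.expiresAt = tokens.expiresInSec != null ? now + tokens.expiresInSec * 1000 : null;
    conn.lastRefreshedAt = now;
    return { action: 'refreshed', reason };
  } catch (err) {
    // A rejected refresh token will not recover on retry: mark the connection
    // broken so the app can ask the user to reconnect.
    conn.status = 'broken';
    notify({ connectionId: conn.id, operation: 'refresh', success: false, error: String(err.message) });
    return { action: 'failed', reason };
  }
}
```

Once a connection is marked broken, the scheduler skips it until the user completes the re-authentication flow, which keeps a revoked refresh token from being replayed against the provider.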